@tatsuhiro-t tatsuhiro-t commented Nov 25, 2018

Fixes #1304
Fixes #1249

@tatsuhiro-t tatsuhiro-t added this to the v1.35.0 milestone Nov 25, 2018
@tatsuhiro-t tatsuhiro-t merged commit 6fb0fe2 into master Nov 25, 2018
@tatsuhiro-t tatsuhiro-t deleted the remove-linux-getrandom branch November 25, 2018 15:30

hartwork commented Oct 6, 2019

@tatsuhiro-t are there any guarantees that std::uniform_int_distribution will produce entropy as good as getrandom? This post hints otherwise. If plain insecure rand was not good enough for aria2, I'd expect a need for good entropy. Can you summarize what aria2 needs good entropy for or why bad (or not guaranteed to be good) entropy would not be a security concern in your eyes? Thanks!

@tatsuhiro-t
Collaborator Author

The counterpart of getrandom in the C++1x API is std::random_device. The difference between getrandom and the current code is whether we sample from /dev/urandom or use the pseudo-random generator mt19937.
This function is used when we need some random data, like producing an ID or a padding length.
For security stuff, we use the function provided by the crypto library (e.g., OpenSSL).
The one exception is BitTorrent InternalDHEKeyExchange, which uses this random generator to produce keys. It is only used if no crypto library is available. So it might be affected, but the current code has existed as a fallback, so we didn't lower the bar. Also, BitTorrent encryption is considered insecure.
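
The distinction drawn in the comment above, as an added example that is not part of the thread or of aria2's code: bytes drawn from mt19937 are fully determined by the seed, while std::random_device is the C++ counterpart of getrandom. The helper names are hypothetical, and nothing here reflects how aria2 actually seeds its generator.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

// Hypothetical helper (not aria2's function): n bytes drawn from a PRNG engine.
std::vector<std::uint8_t> prng_bytes(std::mt19937& gen, std::size_t n) {
  // uniform_int_distribution is not specified for char types, so draw ints.
  std::uniform_int_distribution<int> dist(0, 255);
  std::vector<std::uint8_t> out(n);
  for (auto& b : out) b = static_cast<std::uint8_t>(dist(gen));
  return out;
}

// Hypothetical helper: n bytes drawn through std::random_device, which uses a
// non-deterministic source where the platform provides one.
std::vector<std::uint8_t> device_bytes(std::size_t n) {
  std::random_device rd;
  std::uniform_int_distribution<int> dist(0, 255);
  std::vector<std::uint8_t> out(n);
  for (auto& b : out) b = static_cast<std::uint8_t>(dist(rd));
  return out;
}

// Two engines given the same seed emit the same bytes: the PRNG stream carries
// no more unpredictability than the seed it was started from.
bool same_seed_same_bytes(std::uint32_t seed, std::size_t n) {
  std::mt19937 a(seed), b(seed);
  return prng_bytes(a, n) == prng_bytes(b, n);
}

// The C++ standard fixes the stream of a default-constructed mt19937 (seed 5489).
unsigned long nth_default_output(unsigned long long n) {
  std::mt19937 gen;
  gen.discard(n - 1);  // skip the first n-1 outputs
  return static_cast<unsigned long>(gen());
}

int main() {
  std::printf("same seed, same bytes: %d\n", same_seed_same_bytes(12345u, 32));
  std::printf("10000th default mt19937 output: %lu\n", nth_default_output(10000));
  std::printf("bytes from random_device: %zu\n", device_bytes(16).size());
  return 0;
}
```

For IDs and padding lengths this determinism is harmless; for key material it means the key is only as unpredictable as the seed, which is why the comment above routes security uses to the crypto library.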


hartwork commented Oct 6, 2019

That was quick! I read your reply as "we don't need high quality entropy for all cases that involve this function" — is that understanding correct?

@tatsuhiro-t
Collaborator Author

yes

Successfully merging this pull request may close these issues.

Has error occurred in compile the Aria2c fatal error: sys/random.h